Malware
Detecting Linux Stealth Rootkits with Directory Link Errors
Detecting stealth rootkits on Linux can be done from the command line. The secret is to ask the same question multiple ways to make sure all answers agree. If they don't all agree, something is…
XZ SSH Backdoor Detection Strategies
A sophisticated backdoor targeting the SSH service on Linux was made against the XZ compression library in a supply chain attack. The backdoor almost made it into most major Linux distributions until…
Evasive Linux Malware Detection Video Presentation (BPFDoor)
Sandfly founder Craig Rowland recently spoke at the Oslo Cold Incident Response Conference on evasive Linux malware. Although talks were not recorded, he made a video of the presentation he gave…
Detecting Evasive Linux Malware Presentation
Sandfly founder Craig Rowland gave a presentation for the FIRST Cold Incident Response Conference in Oslo on evasive Linux backdoors and malware below: Evasive Linux Backdoors and Malware…
Defending Security Infrastructure Against Wild Weasels
In the 1960s the United States came up with a plan to deal with advanced anti-aircraft Surface to Air Missiles (SAMs) present in Vietnam: They'd equip a jet with anti-radiation missiles, then have…
Active vs. Dormant Attacks on Linux: Don't Neglect Either!
Linux is the dominant operating system of the Internet. When it comes to detecting attacks against this platform however, there is a large focus spent on finding active attacks, but relatively little…